25 lines
922 B
Markdown
25 lines
922 B
Markdown
---
|
|
title: "Deny regular users to have and use privileges"
|
|
date: 2016-01-09
|
|
url: deny-regular-users-to-have-and-use-privileges
|
|
layout: post
|
|
category: Security
|
|
---
|
|
|
|
[![A missing blog post image](/img/blog/deny-regular-users-to-have-and-use-privileges.png)](/img/blog/deny-regular-users-to-have-and-use-privileges.png)
|
|
|
|
I don't know if you noticed, but regular user may use `sudo` to do whatever they want by default on Raspberry.
|
|
If your current user can destroy the system without even typing the root password, what is the meaning of the root account ?
|
|
|
|
To disable this, as `root` this time, run :
|
|
|
|
`# visudo`
|
|
|
|
As you can see on the screen-shot above, find the lines which match with your regular account(s), and comment them. This will deny regular user to run commands which need privileges.
|
|
|
|
> \#pi ALL=(ALL) NOPASSWD: ALL
|
|
|
|
I've also deleted the user from the "sudo" group too. If you want :
|
|
|
|
`# gpasswd -d pi sudo`
|